<?php

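/**
 * Request handler for the "user" resource, dispatched on the HTTP method.
 *
 *  GET    - list rows from `users`, optionally filtered by `id` and/or `username`.
 *           Prints a JSON array with the `password` and `accesstoken` columns removed;
 *           when nothing matches it sends 200 with an empty body.
 *  POST   - when $valid is set, update the account identified by $auid; otherwise
 *           insert a new account. 400 if the username is empty or already in use
 *           by another row, 500 if a query fails.
 *  DELETE - when $valid is set, delete the account identified by $auid together with
 *           the rows that reference it; 401 otherwise.
 *
 * Globals read: $_SGET / $_SPOST (request parameters), $auid and $valid (presumably set
 * by the authentication layer; verify against the caller).
 *
 * NOTE(review): every request value below is interpolated into SQL text as-is.
 * $_SGET / $_SPOST look like pre-sanitised copies of the superglobals, but that is not
 * visible in this file. Confirm they are escaped for this connection
 * (mysql_real_escape_string); escaping them again here would double-escape stored data.
 * ext/mysql has no bound parameters, so the durable fix is moving to mysqli/PDO
 * prepared statements.
 *
 * @return void
 */
function user(){
	global $_SGET,$_SPOST,$_SREQUEST;
	global $auid,$valid;

	$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';

	/*view user info*/
	if ($method=="GET"){
		// isset() guards avoid undefined-index notices when a filter is omitted.
		$id = isset($_SGET['id']) ? $_SGET['id'] : null;
		$username = isset($_SGET['username']) ? $_SGET['username'] : null;

		$where="WHERE 1";
		if ($id){
			$where.=" AND id='".$id."'";
		}
		if ($username){
			$where.=" AND username='".$username."'";
		}

		// NOTE(review): this branch does not check $valid, and with no filter it returns
		// every row. SELECT * plus two unset() calls is a deny-list: any sensitive column
		// added to `users` later is exposed by default. Prefer an explicit column list.
		$sth = mysql_query("SELECT * FROM users $where");
		if ($sth === false){
			// Previously a failed query fell through to mysql_num_rows(false).
			header("HTTP/1.0 500 INTERNAL SERVER ERROR");
			return;
		}
		if (!mysql_num_rows($sth)){
			header("HTTP/1.0 200 OK");
		}else{
			$rows = array();
			while($r = mysql_fetch_assoc($sth)) {
				unset($r['password']);
				unset($r['accesstoken']);
				$rows[] = $r;
			}
			// User-controlled profile fields are echoed back; declare the body as JSON so
			// a browser never interprets it as HTML.
			header("Content-Type: application/json");
			print json_encode($rows);
		}
	}

	/*create a new user*/
	if ($method=="POST"){
		$username = isset($_SPOST['username']) ? $_SPOST['username'] : null;
		$rawPassword = isset($_SPOST['password']) ? $_SPOST['password'] : null;
		$mail = isset($_SPOST['mail']) ? $_SPOST['mail'] : null;
		$firstname = isset($_SPOST['firstname']) ? $_SPOST['firstname'] : null;
		$lastname = isset($_SPOST['lastname']) ? $_SPOST['lastname'] : null;
		$age = isset($_SPOST['age']) ? $_SPOST['age'] : null;
		$location = isset($_SPOST['location']) ? $_SPOST['location'] : null;
		// The key was an unquoted bare word (a constant lookup); quote it.
		$description = isset($_SPOST['description']) ? $_SPOST['description'] : null;

		$hasUsername = ((string)$username !== '');
		$hasPassword = ((string)$rawPassword !== '');

		// An empty username is never acceptable, and a new account needs a password.
		// Without this an omitted password was stored as md5('').
		if (!$hasUsername || (!$valid && !$hasPassword)){
			header("HTTP/1.0 400 BAD REQUEST");
			return;
		}

		// NOTE(security): unsalted MD5 is not a password hash. It is kept because the
		// login code that verifies it is outside this block; migrate both sides together
		// to password_hash() / password_verify().
		$password = md5($rawPassword);

		$query = "(SELECT * from users WHERE username='$username')";
		$result = @mysql_query ($query);
		if ($result === false){
			header("HTTP/1.0 500 INTERNAL SERVER ERROR");
			return;
		}
		$r=mysql_fetch_assoc($result);

		// The name is usable when nobody holds it, or when the holder is the caller.
		$nameIsFree = (mysql_num_rows($result)==0);
		$nameIsOwn = ($valid && $r && $r['id']==$auid);
		if (!($nameIsFree || $nameIsOwn)){
			header("HTTP/1.0 400 BAD REQUEST");
		}else{
			if ($valid){
				// Only replace the stored hash when a password was actually sent, so a
				// profile update without one no longer resets it to md5('').
				$set = "username='$username'";
				if ($hasPassword){
					$set .= ", password='$password'";
				}
				$set .= ",mail='$mail',age='$age',location='$location',description='$description'";
				// $auid is quoted here as it is in the DELETE branch.
				$query="UPDATE users SET $set WHERE id='$auid'";
				$result = @mysql_query ($query);
			}else{
				$query = "INSERT INTO users (id, username, password, mail, firstname, lastname, age, location) VALUES (NULL , '$username', '$password', '$mail',
					'$firstname', '$lastname', '$age','$location' )";
				$result = @mysql_query ($query);
			}
			// Report the write's real outcome instead of an unconditional 200.
			if ($result === false){
				header("HTTP/1.0 500 INTERNAL SERVER ERROR");
			}else{
				header("HTTP/1.0 200 OK");
			}
		}
	}
	//if ($_SERVER['REQUEST_METHOD']=="PUT"){}

	//delete user
	/*not cascading so might create odd things*/
	if ($method=="DELETE"){
		if($valid){
			// The clean-up statements are best-effort, as before: their results are not
			// checked and they do not run in a transaction, so a failure part-way leaves
			// the account partially removed.
			$query ="DELETE FROM friendrequests WHERE `f1` = '$auid' OR `f2`='$auid'";
			$res = mysql_query($query);

			$query ="DELETE FROM friends WHERE `f1` = '$auid' OR `f2`='$auid'";
			$res = mysql_query($query);

			$query ="DELETE FROM messages WHERE `from` = '$auid' OR `to`='$auid'";
			$res = mysql_query($query);

			$query ="DELETE FROM leagues WHERE owner = '$auid'";
			$res = mysql_query($query);

			$query ="SELECT * FROM leagueplayers WHERE playerid = '$auid'";
			$res = mysql_query($query);

			// Skip the loop when the SELECT failed rather than fetching from false.
			if ($res){
				while($rows=mysql_fetch_assoc($res)){
					// teamid comes back from the database unescaped; escape it before it
					// re-enters SQL text.
					$teamid = mysql_real_escape_string($rows['teamid']);
					$query2="DELETE FROM teams WHERE id = '".$teamid."'";
					$tmp1 = mysql_query($query2);
				}
			}

			$query="DELETE FROM leagueplayers WHERE playerid = '$auid'";
			$res = mysql_query($query);

			$query="DELETE FROM users WHERE id = '$auid'";
			$res = mysql_query($query);
			// mysql_affected_rows() returns -1 on failure, which is truthy; require a
			// positive count so a failed delete is not reported as 200.
			if($res && mysql_affected_rows() > 0){
				header("HTTP/1.0 200 OK");
			}else{
				header("HTTP/1.0 400 BAD REQUEST");
			}
		}else{
			header("HTTP/1.0 401 UNAUTHORIZED");
		}
	}
}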
?>